The complete beginner's guide to hacking

In popular media, hackers are portrayed as villainous characters who illegally gain access to computer systems and networks. In truth, a hacker is simply someone who has a vast understanding of computer systems and networks. Some hackers (called black hats) do use their skills for unethical purposes, or just for the challenge. White hat hackers use their skills to solve problems, strengthen security systems, catch criminals, and fix vulnerabilities. Even if you have no intention of hacking, it's good to know how hackers operate to avoid becoming a target. If you're ready to dive in and learn the art of hacking, we'll give you tips to get started.

Things You Should Know

  • Learn advanced Google search tricks to find hidden files, exploitable systems, and deep web data.
  • Hackers use enumeration to find open ports, usernames, IP addresses, hostnames, and other details to find vulnerabilities in networks and systems.
  • You can use a port scanning tool like Nmap or Angry IP Scanner to find open ports on target systems.
Part 1 of 2:

Building Skills

  1. Understand what hacking is. Hacking refers to various techniques used to gain access to or compromise computers, smartphones, or entire networks by identifying and exploiting security weaknesses. Hacking involves a variety of specialized skills, most of which are very technical. Others are more psychological. [1]
    • Despite how hackers are depicted in popular culture, hacking is not inherently bad. Hackers are simply people who are skilled in technology and like to solve problems, identify security weaknesses, and overcome limitations. You can use your skills as a hacker to find solutions to problems, or you can use your skills to create problems and engage in illegal activity.
    • Warning: Gaining access to computers that don't belong to you is illegal. If you choose to use your hacking skills for such purposes, be aware that there are other hackers out there who use their skills for good (they are called white hat hackers). Some get paid big bucks to go after bad hackers (black hat hackers). If they go after you, you will get caught.
  2. If you are going to hack, you'll need to know how to use the internet. Not just how to use a web browser, but also how to access the deep web. The deep web (which is different than the dark web) is everything on the internet that's not indexed by Google, including private documents and photos, username and password lists, exposed personal information, unprotected directories, and even susceptible web servers. Google "Dorking" is an advanced search technique used to find information that's been accidentally shared on the internet—basically, the "accidental" deep web.
    • This running list of Google Dorks is a great place to find queries that expose all sorts of private info. Try searching for some of these queries to see what information you can find with Google Dorks.
    • Google indexes many different file types, not just websites. You can search Google for PDFs, Excel spreadsheets, source code, and more using the "filetype:" search operator. [2]
    • Learning the best ways to Google a person will be helpful for the social aspects of hacking.
  3. Many operating systems are based on Unix, with the most popular being Linux. Many web servers on the internet are Unix-based, so understanding Unix commands is crucial if you want to try hacking web servers.
    • There are many different distributions of Unix and Linux. The most popular Linux distribution is Ubuntu, which you can easily install as your primary operating system or in a virtual machine. You can also dual boot Windows and Ubuntu.
  4. Learning a programming language might take time, so you need to be patient. Focus on learning to think like a programmer instead of learning individual languages. Focus on similar concepts in all programming languages.
    • Learning HTML and JavaScript ensures that not only can you create websites from scratch, but you'll also learn how to hack the majority of web-based applications. JavaScript makes it easy to manipulate HTML to do just about anything.
    • Python is a popular object-oriented scripting language that can be used to automate repetitive tasks. Python has plenty of free libraries hackers can use to discover exploits and create hacking scripts. Python developers are also in high demand, so learning this scripting language would be a great choice if you want to start a career in ethical hacking.
    • C and C++ are used to develop everything from applications to entire operating systems. Learning C and C++ can be tricky, but it'll give you a great foundation for learning other programming languages. You'll also learn something very important in hacking: how memory works.
    • Learning PHP will be valuable if you want to hack websites and web-based applications. This server-side scripting language is often used by content management systems (CMS), which are incredibly common on the internet.
  5. To be a successful hacker, you'll need to know about the latest exploits and security vulnerabilities. Some websites to follow:
Part 2 of 2:

Hacking

  1. To hack, you need a system to practice your hacking skills. However, make sure you have the authorization to attack your target. You can either attack your own network, ask for written permission, or set up your laboratory with virtual machines. Attacking a system without permission, no matter its content, is illegal and will get you in trouble.
    • Boot2root are systems specifically designed to be hacked. You can download these systems at https://www.vulnhub.com and install them using virtual machine software. You can practice hacking these systems.
  2. The process of gathering information about your target is known as enumeration. The goal is to establish an active connection with the target and find vulnerabilities that can be used to further exploit the system. [3] To do this, you'll need to identify network hosts, open ports, users, and other details that are potentially exploitable. You can use enumeration to discover:
    • Open ports
    • Applications and protocols
    • Valid usernames (your advanced Googling skills will help you here)
    • IP routing tables
    • Hostnames and IP addresses
    • Network infrastructure details
    • Network shares and services
    • Service settings and audit configurations
  3. Can you reach the remote system? While you can use the ping utility (which is included in most operating systems) to see if the target is active, you cannot always trust the results — it relies on the ICMP protocol, which can be easily shut off by paranoid system administrators.
  4. You can use a network scanner to run a port scan. This will show you which ports are open on the machine and which OS it runs, and can even tell you what type of firewall or router is in use so you can plan a course of action. Port-scanning tools like Nmap, Netcat, and Angry IP Scanner can help you enumerate systems both locally and remotely by scanning for open ports.
    • Sublist3r can help you find subdomains of websites.
    • SQLmap is a penetration-testing tool that can help you identify SQL vulnerabilities.
    • You can find more hacking tools by searching for hacker forums. [4]
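Seen from the defender's side, the port scan described in this step appears in firewall or connection logs as one source touching many distinct ports on a host within a short time. The following is an added example, not part of the original article; the log format, addresses, and thresholds are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def build_sample():
    """Constructed log lines: '<ISO time> <source IP> <dest IP> <dest port>'."""
    base = datetime(2024, 5, 1, 10, 0, 0)
    rows = []
    for i in range(20):   # normal client: one service, many connections
        rows.append((base + timedelta(seconds=3 * i), "192.0.2.10", 443))
    for i in range(15):   # scan-like: 15 different ports in 15 seconds
        rows.append((base + timedelta(seconds=30 + i), "203.0.113.7", 20 + i))
    for i in range(12):   # slow client: 12 ports, but 10 minutes apart
        rows.append((base + timedelta(minutes=10 * i), "192.0.2.44", 8000 + i))
    rows.sort()
    return [f"{ts.isoformat()} {src} 198.51.100.5 {port}" for ts, src, port in rows]


def detect_port_scans(lines, min_ports=10, window=timedelta(seconds=60)):
    """Map (source, dest) -> most distinct ports seen inside one window,
    for pairs that reached min_ports. Input must be in time order."""
    recent = defaultdict(deque)          # (src, dst) -> (time, port) in window
    flagged = {}
    for line in lines:
        ts_text, src, dst, port = line.split()
        ts = datetime.fromisoformat(ts_text)
        q = recent[(src, dst)]
        q.append((ts, int(port)))
        while ts - q[0][0] > window:     # drop events older than the window
            q.popleft()
        distinct = len({p for _, p in q})
        if distinct >= min_ports:
            flagged[(src, dst)] = max(distinct, flagged.get((src, dst), 0))
    return flagged


if __name__ == "__main__":
    for (src, dst), ports in detect_port_scans(build_sample()).items():
        print(f"possible port scan: {src} -> {dst}, {ports} distinct ports in 60s")
```

The busy single-port client and the slow multi-port client stay below the threshold; only the source that sweeps many ports inside one window is reported.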
  5. Once you know which ports are open and which services are running, it's time to search for known exploits. If enumerating a system led you to a list of usernames, you can try using brute force to log in with common passwords or a password cracker. Use your advanced Google search skills to find paths into these vulnerable systems.
    • Ports like FTP (21) and HTTPS (443) are often well protected. Try other TCP and UDP ports that may have been forgotten, such as Telnet and various UDP ports left open for LAN gaming.
    • An open port 22 is usually evidence of an SSH (secure shell) service running on the target, which can sometimes be brute-forced.
  6. Crack the password or authentication process. If your only path into the system is by logging in, you'll need to get a user's password. There are several methods for cracking a password. They include some of the following:
    • Brute Force: A brute force attack simply tries to guess the user's password. Hackers often use tools that rapidly guess different words from a dictionary to try to guess a password. To protect against a brute force attack, avoid using simple words as your password, and make sure your password is at least 10-12 characters long.
    • Social Engineering: For this technique, a hacker will contact a user and trick them into giving out their password. For example, they claim they are from the IT department and tell the user they need their password to fix an issue. They may also go dumpster-diving to look for information or try to gain access to a secure room. That is why you should never give your password to anybody, no matter who they claim to be. Always shred any documents that contain personal information.
    • Phishing: In this technique, a hacker sends a fake email to a user that appears to be from a person or company the user trusts. The email may contain an attachment that installs spyware or a keylogger. It may also contain a link to a false business website (made by the hacker) that looks authentic. The user is then asked to input their personal information, which the hacker then gains access to. To avoid these scams, don't open emails you don't trust. Always check that a website is secure (includes "HTTPS" in the URL). Log in to business sites directly instead of clicking links in email messages.
    • Wi-Fi Spoofing: In this technique, a hacker uses an app on their smartphone to create a fake Wi-Fi access point that anyone in a public location can sign into. Hackers can give it a name that looks like it belongs to the local establishment. People sign into it thinking they are signing into public Wi-Fi. The app then logs all data transmitted over the internet by those signed into it. If they sign into an account using a username and password over an unencrypted connection, the app will store that data and give the hacker access. To avoid becoming a victim of this heist, avoid using public Wi-Fi. If you must use public Wi-Fi, check with the owner of an establishment to make sure you are signing in to the correct internet access point. Check that your connection is encrypted by looking for a padlock in the URL. You can also use a VPN.
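Password guessing against SSH, mentioned in step 5 and in the Brute Force item above, leaves a clear trail in the server's authentication log. The following added example (not part of the original article) summarizes failed logins per source address and flags a login that succeeds after repeated failures; the log lines are constructed and the threshold is an assumption.

```python
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Constructed sample in OpenSSH's syslog format (hosts and addresses are made up).
SAMPLE_LOG = """\
May  1 10:00:01 web1 sshd[2201]: Failed password for alice from 192.0.2.10 port 51000 ssh2
May  1 10:00:09 web1 sshd[2201]: Accepted password for alice from 192.0.2.10 port 51000 ssh2
May  1 10:02:11 web1 sshd[2210]: Failed password for invalid user admin from 203.0.113.7 port 40022 ssh2
May  1 10:02:12 web1 sshd[2210]: Failed password for root from 203.0.113.7 port 40022 ssh2
May  1 10:02:14 web1 sshd[2212]: Failed password for invalid user test from 203.0.113.7 port 40030 ssh2
May  1 10:02:15 web1 sshd[2212]: Failed password for invalid user oracle from 203.0.113.7 port 40030 ssh2
May  1 10:02:17 web1 sshd[2214]: Failed password for backup from 203.0.113.7 port 40036 ssh2
May  1 10:02:19 web1 sshd[2214]: Accepted password for backup from 203.0.113.7 port 40036 ssh2
""" + "".join(
    f"May  1 10:07:0{i} web1 sshd[2300]: Failed password for root from 198.51.100.23 port 4100{i} ssh2\n"
    for i in range(5)
)


def analyze_auth_log(text, threshold=5):
    """Per source IP with >= threshold failed logins: failure count, usernames
    tried, and the account that logged in after the failures (or None)."""
    stats = defaultdict(lambda: {"failures": 0, "users": set(), "success_after_failures": None})
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        s = stats[m["ip"]]
        if m["result"] == "Failed":
            s["failures"] += 1
            s["users"].add(m["user"])
        elif s["failures"] >= threshold and s["success_after_failures"] is None:
            s["success_after_failures"] = m["user"]   # guessing may have succeeded
    return {ip: s for ip, s in stats.items() if s["failures"] >= threshold}


if __name__ == "__main__":
    for ip, s in analyze_auth_log(SAMPLE_LOG).items():
        print(ip, s["failures"], sorted(s["users"]), s["success_after_failures"])
```

On a real host these lines come from /var/log/auth.log on Debian and Ubuntu or /var/log/secure on Red Hat-style systems. A single mistyped password followed by a success, like the first address in the sample, stays below the threshold and is not reported.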
  7. Most information that will be of vital interest is protected, and you need a certain level of authentication to get it. To see all the files on a computer, you need super-user privileges—a user account given the same privileges as the "root" user in Linux and BSD operating systems. For routers, this is the "admin" account by default (unless it has been changed); for Windows, this is the Administrator account. There are a few tricks you can use to gain super-user privileges:
    • Buffer Overflow: If you know the memory layout of a system, you can feed it input the buffer cannot store. You can overwrite the code stored in the memory with your code and take control of the system. [5]
    • In Unix-like systems, this will happen if the buggy software has the setUID bit set in its file permissions. The program will then be executed as a different user (super-user, for example).
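Because a bug in a setUID program runs with the file owner's privileges, administrators keep the set of such programs small and known. The following added example (not part of the original article) inventories setUID files under a directory and reports any that are not on a baseline; the baseline paths and the scanned directory are assumptions for illustration.

```python
import os
import stat

# Assumed baseline of programs expected to be setUID on this host (illustrative).
BASELINE = {"/usr/bin/passwd", "/usr/bin/su", "/usr/bin/sudo"}


def find_setuid(root):
    """Return sorted (path, owner_uid, mode) for regular files with the setUID bit."""
    found = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)          # lstat: do not follow symlinks
            except OSError:
                continue                     # vanished or unreadable entry
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID:
                found.append((path, st.st_uid, stat.filemode(st.st_mode)))
    return sorted(found)


def unexpected(found, baseline=BASELINE):
    """setUID files that are not on the baseline and deserve a closer look."""
    return [entry for entry in found if entry[0] not in baseline]


if __name__ == "__main__":
    for path, uid, mode in unexpected(find_setuid("/usr")):
        owner = "root" if uid == 0 else f"uid {uid}"
        print(f"{mode} {owner:>8} {path}")
```

Anything the report lists that is owned by root and not needed can have the bit removed with chmod u-s, which takes away the elevated privileges a memory-corruption bug in that program would otherwise inherit.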
  8. Create a backdoor. Once you have gained full control over a machine, it's a good idea to make sure you can come back again. To create a backdoor, you need to install a piece of malware on an important system service, such as the SSH server. This will allow you to bypass the standard authentication system. However, your backdoor may be removed during the next system upgrade.
    • An experienced hacker would backdoor the compiler itself, so every compiled software would be a potential way to return.
  9. Don't let the administrator know that the system is compromised. Don't make any changes to the website. Don't create more files than you need. Do not create any additional users. Act as quickly as possible. If you patched a server like SSHD, make sure it has your secret password hard-coded. If someone tries to log in with this password, the server should let them in, but it shouldn't contain any crucial information.

Expert Q&A

  • Question
    How can I get better at hacking?
    Tyrone Showers
    Technologist
    Tyrone Showers is a Technologist and the Co-owner of Taliferro Group, an IT consulting company based in Seattle, Washington. With over 35 years of professional experience, he specializes in API Design, e-Commerce, Operational Efficiency, and website development. He has a B.S. in Computer Science from DeVry Institute of Technology.
    Expert Answer
    Developing hacking skills necessitates extensive trial and error. The most effective approach involves delving into the complexities of web technologies and protocols. Gaining a profound understanding of web protocols such as HTTP/2 and HTTP/3 can offer distinctive insights into potential security vulnerabilities. Acquiring proficiency in hacking involves grasping the construction of APIs and recognizing common security oversights to uncover vulnerabilities. For a comprehensive approach, engaging in competitions like Capture the Flag (CTF), specifically centered on web security, can be exceptionally advantageous.
  • Question
    Can I hack using the command prompt?
    Community Answer
    You can, but command prompt is not the best option. Consider Linux terminal instead as you could use and install tools that could help. Perhaps even consider running Linux as a bootable USB or virtual machine.
  • Question
    Why are you telling people how to do something that could be illegal? We have a bad enough hacking problem as it is.
    Community Answer
    Not all hacking is illegal. The writer is trusting that the people with this information will not do anything illegal. Also, hacking isn't always a "problem." FBI hackers help the US gather new helpful information each day.

      Tips

      • Practice first by hacking into your own computer.
      • If your target is not doing their best to keep you out, you won't ever become good. Of course, don't get cocky. Don't think about yourself as the best of the best. Make this your goal: You must become better and better. Every day that you don't learn something new is a wasted day. As Yoda would say, "Do or do not. There is no try."
      • There is a difference between a hacker and a cracker. A cracker is motivated by malicious reasons (namely, earning money), while hackers attempt to retrieve information and gain knowledge through exploration ("bypassing security").

      Warnings

      • Be extremely careful if you think you have found a very easy crack or a crude mistake in security management. A security professional protecting that system may be trying to trick you or setting up a Honeypot.
      • Misusing this information may be a local and/or federal criminal act (crime). This article is intended to be informational and should only be used for ethical (not illegal) purposes.
      • If you aren't confident with your skills, avoid breaking into corporate, government, or military networks. Even if they have weak security, they have a lot of money to trace and bust you. If you find a hole in such a network, it's best to hand it to a more experienced hacker who can put these systems to good use.
      • Hacking into someone else's system may be illegal, so don't do it unless you have permission from the owner of the system you are trying to hack and you are sure it's worth it.

      About This Article

      Article Summary

      1. Gather information on the target.
      2. Try to establish a test connection to the target.
      3. Scan the ports to find an open pathway to the system.
      4. Find a user password to get into the system.
      5. Use Buffer Overflow or other techniques to try to gain "super-user" privileges.
      7. Plant a back door in the system.
      8. Cover your tracks.

      Thanks to all authors for creating a page that has been read 11,882,546 times.
